On Sat, 18 May 2024 at 23:30, Peter Marko via lists.openembedded.org <[email protected]> wrote: > # Upstream has useful patches at times at ftp://invisible-island.net/ncurses/ > -SRC_URI = "git://github.com/mirror/ncurses.git;protocol=https;branch=master" > +SRC_URI = > "git://github.com/ThomasDickey/ncurses-snapshots.git;protocol=https;branch=master"
After the xz backdoor I'm nervous about switching upstream sources with no verification of their authenticity. Is this referenced anywhere from ncurses homepage or ncurses tarball download? Should we take that tarball rather? Alex
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#199609): https://lists.openembedded.org/g/openembedded-core/message/199609 Mute This Topic: https://lists.openembedded.org/mt/106178307/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
